
[EX] How to configure RSPAN VLAN to capture packets flowing on two or more ports


Article ID: KB35456 KB Last Updated: 04 Feb 2020 Version: 1.0
Summary:

This article describes how to configure Remote Switched Port Analyzer (RSPAN) VLAN when there is a need to capture packets flowing on two or more ports on the EX2300, EX3400, and EX4300 switches.

 

Symptoms:

When there are two input ports to analyze, you may configure one output port to capture that traffic by bundling capture sessions. If you need to know which port a mirrored packet arrived on, you may consider assigning a separate RSPAN VLAN to each input port. However, when both RSPAN VLANs share one output port, the mirrored traffic always carries only one of the VLAN tags, even though two different tags have been configured.

For example, when there are two analyzer sessions, test888 and test999, and each session has its own output VLAN, you may expect to see both VLAN tags on the output port ge-0/0/12.

set interfaces ge-0/0/12 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members 888
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members 999
set interfaces ge-0/0/20 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members 1111
set interfaces ge-0/0/21 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members 2222
set forwarding-options analyzer test888 input ingress interface ge-0/0/20.0
set forwarding-options analyzer test888 output vlan 888
set forwarding-options analyzer test999 input ingress interface ge-0/0/21.0
set forwarding-options analyzer test999 output vlan 999
set vlans vlan1111 vlan-id 1111
set vlans vlan2222 vlan-id 2222
set vlans vlan888 vlan-id 888
set vlans vlan999 vlan-id 999

The show forwarding-options analyzer output indicates that the above configuration has been loaded properly on the device.

test@EX2300# run show forwarding-options analyzer
  Analyzer name                    : test888
  Mirror rate                      : 1
  Maximum packet length            : 0
  State                            : up
  Ingress monitored interfaces     : ge-0/0/20.0
  Output VLAN                      : default-switch/vlan888

  Analyzer name                    : test999
  Mirror rate                      : 1
  Maximum packet length            : 0
  State                            : up
  Ingress monitored interfaces     : ge-0/0/21.0
  Output VLAN                      : default-switch/vlan999

The expected mirrored output from the above configuration is as shown below:

  • Traffic received on ge-0/0/20 will be tagged 888 and will go out from ge-0/0/12.
  • Traffic received on ge-0/0/21 will be tagged 999 and will go out from ge-0/0/12.

However, the actual behavior is as below:

  • Traffic received on ge-0/0/20 is tagged 888 and goes out from ge-0/0/12.
  • Traffic received on ge-0/0/21 is tagged 888 and goes out from ge-0/0/12.

Non-Working Topology

 

Cause:

This behavior is due to a product limitation wherein two VLAN tags cannot be managed on the same port for RSPAN. On the EX2300, EX3400, and EX4300 product series, only one RSPAN VLAN tag is assigned per output interface. This is a chip limitation.

Since the same port is part of two analyzer output VLANs, the RSPAN VLAN tag is overwritten by the second output VLAN configuration.

 

Solution:

To achieve the above requirement, use a separate output port for each analyzer and assign one output VLAN to each port, as follows:

set interfaces ge-0/0/12 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members 888
set interfaces ge-0/0/19 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/19 unit 0 family ethernet-switching vlan members 999
set interfaces ge-0/0/20 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members 1111
set interfaces ge-0/0/21 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members 2222
set forwarding-options analyzer test888 input ingress interface ge-0/0/20.0
set forwarding-options analyzer test888 output vlan 888
set forwarding-options analyzer test999 input ingress interface ge-0/0/21.0
set forwarding-options analyzer test999 output vlan 999

Working Topology
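
The following check is an added example, not part of the original article or Juniper tooling: it scans a configuration in set format and reports any port that is a member of more than one analyzer output VLAN, which is the condition described under Cause. The function name shared_rspan_ports and the sample strings are assumptions, and it expects one VLAN member per set line, as in the configurations above.

```python
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the non-working configuration above.
NON_WORKING = """\
set interfaces ge-0/0/12 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members 888
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members 999
set forwarding-options analyzer test888 input ingress interface ge-0/0/20.0
set forwarding-options analyzer test888 output vlan 888
set forwarding-options analyzer test999 input ingress interface ge-0/0/21.0
set forwarding-options analyzer test999 output vlan 999
set vlans vlan888 vlan-id 888
set vlans vlan999 vlan-id 999
"""
# Constructed sample: VLAN 999 moved to its own output port, as in the Solution.
WORKING = NON_WORKING.replace(
    "ge-0/0/12 unit 0 family ethernet-switching vlan members 999",
    "ge-0/0/19 unit 0 family ethernet-switching vlan members 999")

MEMBER_RE = re.compile(
    r"^set interfaces (\S+) unit \d+ family ethernet-switching vlan members (\S+)$")
OUTPUT_RE = re.compile(r"^set forwarding-options analyzer (\S+) output vlan (\S+)$")
VLAN_RE = re.compile(r"^set vlans (\S+) vlan-id (\d+)$")

def shared_rspan_ports(config):
    """Return {port: {analyzer: vlan_id}} for ports in >1 analyzer output VLAN."""
    members, outputs, names = defaultdict(set), {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := MEMBER_RE.match(line):
            members[m[1]].add(m[2])
        elif m := OUTPUT_RE.match(line):
            outputs[m[1]] = m[2]
        elif m := VLAN_RE.match(line):
            names[m[1]] = m[2]
    resolve = lambda v: names.get(v, v)  # VLAN name -> ID; IDs pass through
    findings = {}
    for port, vlans in members.items():
        ids = {resolve(v) for v in vlans}
        hits = {a: resolve(v) for a, v in outputs.items() if resolve(v) in ids}
        if len(set(hits.values())) > 1:  # two RSPAN tags on one output port
            findings[port] = hits
    return findings

if __name__ == "__main__":
    print("non-working:", shared_rspan_ports(NON_WORKING))
    print("working:    ", shared_rspan_ports(WORKING))
```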

 
